projects
/
openwrt
/
staging
/
blogic.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
7f80850
)
hfs: add sanity check for file name length
author
Dan Carpenter
<dan.carpenter@oracle.com>
Mon, 14 Nov 2011 14:52:08 +0000
(17:52 +0300)
committer
Linus Torvalds
<torvalds@linux-foundation.org>
Tue, 15 Nov 2011 16:29:42 +0000
(14:29 -0200)
On a corrupted file system the ->len field could be wrong leading to
a buffer overflow.
Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/hfs/trans.c
patch
|
blob
|
history
diff --git
a/fs/hfs/trans.c
b/fs/hfs/trans.c
index e673a88b8ae7560b14796b611aa57b267193411f..b1ce4c7ad3fb4f33e12ff4c8e320368b851e52c8 100644
(file)
--- a/
fs/hfs/trans.c
+++ b/
fs/hfs/trans.c
@@
-40,6
+40,8
@@
int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in)
src = in->name;
srclen = in->len;
+ if (srclen > HFS_NAMELEN)
+ srclen = HFS_NAMELEN;
dst = out;
dstlen = HFS_MAX_NAMELEN;
if (nls_io) {